35 lines
961 B
YAML
35 lines
961 B
YAML
# skip boilerplate check
|
|
---
|
|
# Terraform will be unable to decode this file if it does not contain valid YAML
|
|
# You can retain `---` (start of the document) to indicate an empty document.
|
|
|
|
ingress:
|
|
allow-hc-nva-ssh-dmz:
|
|
description: "Allow traffic from Google healthchecks to NVA appliances"
|
|
source_ranges:
|
|
- healthchecks
|
|
rules:
|
|
- protocol: tcp
|
|
ports:
|
|
- 22
|
|
# these are not really needed, but it's good to have them
|
|
# in place if the more generic hierarchical firewall policies
|
|
# get deleted
|
|
allow-ncc-nva-bgp-dmz:
|
|
description: "Allow BGP traffic from NCC Cloud Routers to NVAs"
|
|
source_ranges:
|
|
- ncc_cloud_routers_dmz
|
|
targets: ["nva"]
|
|
rules:
|
|
- protocol: tcp
|
|
ports:
|
|
- 179
|
|
allow-nva-nva-bgp-dmz:
|
|
description: "Allow BGP traffic from cross-regional NVAs"
|
|
sources: ["nva"]
|
|
targets: ["nva"]
|
|
rules:
|
|
- protocol: tcp
|
|
ports:
|
|
- 179
|